Distributed Security Architectures

Second Quarter 2003 Progress Report

Covers work done Jan through Mar, 2003.

Personnel:

Staff: Mary Thompson, Abdelilah Essiari, Keith Beattie

Akenti Server

The Akenti server code was redone to support the SOAP protocol. This required developing XML schemas for the messages, which now gives Akenti a standards-compliant expression of its API. It also makes it possible for Akenti clients to use standard SOAP libraries when sending and receiving Akenti messages. The client and server support libraries were combined, since with the need for the client side to parse capability certificates, it was no longer possible to provide a small client library. The additions to the policy engine API still need to be added to the server protocol.

Akenti Policy Engine

Added additional parameters to the checkAccess interface to the PolicyEngine. The caller can now specify the desired actions and/or attributes and restrict the policy authorization to just using those attributes and/or actions. The restriction of attributes allows a user to specify an attribute, such as a role, which will be used as the basis for authorization. The restriction of actions allows the policy engine to be more efficient, in that it only needs to satisfy enough UseConditions to grant the required actions.
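The following is an added illustration of the two restrictions described above, written for this report; it is not Akenti's code, and the names (UseCondition, check_access, the attribute strings) and the all-of semantics of a use condition are assumptions made for the example. The policy and subject attributes are constructed sample data.

```python
"""Illustrative model of an access check that can be restricted to a subset of
the subject's attributes and to a requested set of actions.

Added example, not Akenti's code: the names and the simplified use-condition
semantics (a condition grants its actions to a subject holding all of its
required attributes) are assumptions."""
from dataclasses import dataclass, field
from typing import FrozenSet, Iterable, List, Optional, Set


@dataclass(frozen=True)
class UseCondition:
    name: str
    required: FrozenSet[str]   # attributes the subject must hold (all of them)
    actions: FrozenSet[str]    # actions granted when the condition is satisfied


@dataclass
class Decision:
    granted: FrozenSet[str]                             # actions granted
    evaluated: List[str] = field(default_factory=list)  # conditions examined, in order


def check_access(policy: Iterable[UseCondition],
                 subject_attrs: Set[str],
                 requested_actions: Optional[Set[str]] = None,
                 restrict_attrs: Optional[Set[str]] = None) -> Decision:
    # Attribute restriction: only the attributes the caller names are used as
    # the basis for authorization, e.g. one role out of several the subject holds.
    usable = set(subject_attrs)
    if restrict_attrs is not None:
        usable &= restrict_attrs

    granted: Set[str] = set()
    evaluated: List[str] = []
    for uc in policy:
        evaluated.append(uc.name)
        if uc.required <= usable:
            granted |= uc.actions
        # Action restriction: stop as soon as every requested action is granted;
        # the remaining use conditions need not be satisfied or even examined.
        if requested_actions is not None and requested_actions <= granted:
            break

    if requested_actions is not None:
        granted &= requested_actions
    return Decision(frozenset(granted), evaluated)


# Constructed sample policy and subject (not from any real deployment).
POLICY = [
    UseCondition("uc-read",  frozenset({"group:staff"}),               frozenset({"read"})),
    UseCondition("uc-write", frozenset({"group:staff", "role:editor"}), frozenset({"write"})),
    UseCondition("uc-admin", frozenset({"role:admin"}),                 frozenset({"read", "write", "delete"})),
]
SUBJECT = {"group:staff", "role:editor", "role:admin"}


if __name__ == "__main__":
    # Unrestricted: every condition is evaluated and all actions are granted.
    print(check_access(POLICY, SUBJECT))
    # Only "read" requested: evaluation stops after the first satisfied condition.
    print(check_access(POLICY, SUBJECT, requested_actions={"read"}))
    # Acting as editor only: the admin role the subject holds is not consulted.
    print(check_access(POLICY, SUBJECT, restrict_attrs={"group:staff", "role:editor"}))
```

The third call shows the role-based case from the text: the subject holds an admin role, but by restricting the attributes to the editor role the authorization is decided on that basis alone, and "delete" is not granted.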

Some more code optimization was done, with cleaner implementation of the smart pointer inheritance classes.

Certificate Generators

No changes in the GUI, but some progress was made on replacing the Java support server with one written in C++. The objective of this work is to eliminate the need for Java on the server side, and eventually consolidate the auxiliary server with the main Akenti server.

Code Distribution

We released an updated version of the code in March. It includes the updated API to the policy engine and server, and a cleanup and standardization of the tools to check and view policies.

Collaboration with Other Projects

Implementation of the C++ security shared library continued. This library will facilitate sharing of high quality implementations of commonly used security functions among the Secure and Reliable Group Communication project, the Peer to Peer File Sharing project and Akenti.

We have been working with the PERMIS project at University of Salford on their report comparing Akenti to PERMIS. Both are authorization services based on policy expressed in XML. We helped them get our code running and answered questions on creating Akenti policy. We installed and ran PERMIS and created PERMIS policy in order to report to them on the ease of use of their distribution.

The latest version of the Globus job manager that has the newly designed authorization callout was downloaded from Argonne. The sample callout module was modified slightly to extract all the parameters needed by Akenti. Work will begin next quarter on writing the Akenti interface and compiling and packaging it in the Globus environment.

One of our project members has been working with the Grid Services group to write Python code to digitally sign SOAP messages. We expect that his experience will be helpful when coding the signing of Akenti XML certificates.